Project details

Total cost:

EU contribution:

Coordinated in:

Topic(s):

Call for proposal:

Funding scheme:

IA - Innovation action

Objective

WISER delivers a cyber-risk management framework able to assess, monitor and mitigate the risks in real time, in multiple industries. WISER incorporates socio-economic impact aspects, building on current state of the art methodologies and tools, and leveraging best practices from multiple industries and international initiatives (e.g: NIS). WISER aims at implementing an impressive series of 9 short experiments, in the form of Early Assessment Pilots (EAPs) to test the resilience of different risk management frameworks (taken from different industries and intended broadly) with regards to both traditional and advanced cybersecurity threats. The EAPs allow taking elements that work best in cybersecurity risk management from different frameworks, to then build and implement an advanced risk management system that will be tested & validated in 3 Full- Scale Pilots (FSPs) – with different, high-impact instantiations in the financial services and insurance industry and in the energy field – to demonstrate market acceptance, as well as scalability of a risk management framework for cybersecurity.The WISER framework will ensure cyber risk management becomes an integral part to good business practice in both critical infrastructure & process owners and ICT-intensive SMEs by offering two delivery modes: a pre-packaged solution for addressing basic cyber risk management needs (i.e. SMEs), and a Risk Platform as a Service (RPaaS) mode of operation of the platform, intended for critical infrastructures or highly complex cyber systems requiring the implementation of special controls within the ICT system to be monitored. Ultimately, WISER implements on-demand service composition and ignites innovative assurance models, also from the point of view of premiums determination targeting. Significant outcomes of the project are also the RPaaS business model, the community of end-users, and the multi-industry synergy & standardization strategy.

This deliverable will provide a preliminary version of the cyber risk modelling language and corresponding guidelines aimed primarily at the advanced mode of operation, and further described under D3.4. While this preliminary version will be ready for use by the pilots at the start of the second year, the final version (D3.4) will incorporate updates and refinements based on experiences gained from the pilots during the second year.

Report on current best practices and results from each of the EAPs, with indications for the technical & business requirements of the WISER Methodology & Platform. This preliminary version will be provided in M03 to feed into the requirements phase of WP2 (D2.1).

This deliverable will provide the cyber risk modelling language and corresponding guidelines aimed primarily at the advanced mode of operation, with support for capturing economic and societal impact as well as mitigation selection. In order to emphasis the close link between the target of analysis and corresponding cyber risk model, guidelines for cyber target modelling will also be included.

Framework and practical tools for assessing the direct and indirect impact of risk management implementation prioritizing business management responses, tools for cost-benefit analysis, and case studies from WISER and representative verticals and SMEs. Strategic, public Workshop.

Framework and practical tools for assessing the direct and indirect impact of risk management implementation prioritizing business management responses, tools for cost-benefit analysis, and case studies from WISER and representative verticals and SMEs. Strategic, public Workshop.

This deliverable will consist of a tool/editor to support the cyber risk modelling language and the supporting infrastructure to enable the integration between the WP3 tools and the WISER runtime platform.

The WISER framework design is described and the integrated solution is articulated (early version and final version), including details on the design of the various WISER modules to be delivered in WP3, WP4 and WP5. This initial version of the framework design (driven by the final list of requirements produced by T2.1) will be evaluated by EAPs in a workshop organised by T6.1 (M06).

Architecture and interfaces of the risk assessment infrastructure, including the data warehouse, interfaces between internal components, interfaces with external elements (modelling and monitoring), assessment engine, translators, and end-user support tools. This will define the elements of the assessment infrastructure to be validated in WP7.

Architecture and interfaces of the monitoring infrastructure, including the monitoring configurations format, monitoring feeds format. This will define the elements of the monitoring infrastructure to be validated in WP7 (task 7.1 and task 7.2).

The WISER framework design is described and the integrated solution is articulated (early version and final version), including details on the design of the various WISER modules to be delivered in WP3, WP4 and WP5. This final version will incorporate the feedback received from the evaluation of the initial version.